markus
/
TrainerInvoice
mirror of https://github.com/markuskreth/TrainerInvoice.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Compare commits

base: markus:406331d33e90b68363356198f4e9b2b16b8b494a
Branches Tags
markus:master
..
compare: markus:ed81076d64497b0fdac72fdc1a823b05e158a06a
Branches Tags
markus:master

2 Commits
406331d33e ... ed81076d64

Author SHA1 Message Date
Markus Kreth ed81076d64 Refactoring
2 years ago
Markus Kreth 0c015a07cd Test für Security und SecurityConfiguration
2 years ago
4 changed files with 164 additions and 63 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats
  1. 4
      src/main/java/de/kreth/invoice/security/UserManager.java
  2. 17
      src/test/java/de/kreth/invoice/business/security/DummyCatchAllController.java
  3. 43
      src/test/java/de/kreth/invoice/business/security/SecurityConfigurationTest.java
  4. 43
      src/test/java/de/kreth/invoice/business/security/ViewSecurityTest.java

4
src/main/java/de/kreth/invoice/security/UserManager.java
Unescape View File

@ -3,7 +3,6 @@ package de.kreth.invoice.security;
import org.keycloak.KeycloakPrincipal; import org.keycloak.KeycloakPrincipal;
import org.keycloak.KeycloakSecurityContext; import org.keycloak.KeycloakSecurityContext;
import org.keycloak.representations.AccessToken; import org.keycloak.representations.AccessToken;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
@ -18,8 +17,7 @@ public class UserManager {
private UserRepository userRepository; private UserRepository userRepository;
@Autowired public UserManager(UserRepository userRepository) {
public void setUserRepository(UserRepository userRepository) {
this.userRepository = userRepository; this.userRepository = userRepository;
} }

17
src/test/java/de/kreth/invoice/business/security/DummyCatchAllController.java
Unescape View File

@ -0,0 +1,17 @@
package de.kreth.invoice.business.security;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
@Controller
@RequestMapping
public class DummyCatchAllController {
@GetMapping(path = "/**")
@ResponseBody
public String catchAll() {
return "DummyCatchallController#catchAll";
}
}

43
src/test/java/de/kreth/invoice/business/security/SecurityConfigurationTest.java
Unescape View File

@ -0,0 +1,43 @@
package de.kreth.invoice.business.security;
import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
import org.springframework.web.context.WebApplicationContext;
@WebMvcTest(controllers = DummyCatchAllController.class)
class SecurityConfigurationTest {
private MockMvc mockMvc;
@Autowired
private WebApplicationContext webApplicationContext;
@BeforeEach
void setup() {
this.mockMvc = MockMvcBuilders
.webAppContextSetup(this.webApplicationContext)
.apply(springSecurity())
.build();
}
@Test
@WithMockUser(username = "user", roles = { "USER" })
void asLoggedInUser_ICantAccess() throws Exception {
mockMvc.perform(get("/")).andExpect(status().isForbidden());
}
@Test
@WithMockUser(username = "admin", roles = { "INVOICE_USER" })
void asInvoiceUser_ICanAccess() throws Exception {
mockMvc.perform(get("/")).andExpect(status().isOk());
}
}

43
src/test/java/de/kreth/invoice/business/security/ViewSecurityTest.java
Unescape View File

@ -0,0 +1,43 @@
package de.kreth.invoice.business.security;
import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.mockOpaqueToken;
import org.junit.jupiter.api.Disabled;
import org.junit.jupiter.api.Test;
import org.keycloak.adapters.springsecurity.account.KeycloakRole;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.reactive.AutoConfigureWebTestClient;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.web.reactive.server.WebTestClient;
@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
@AutoConfigureWebTestClient
//@ActiveProfiles("test")
@Disabled
class ViewSecurityTest {
@Autowired
private WebTestClient client;
@Test
void givenUnauthenticated_whenCallService_thenIsUnauthorized() {
this.client.get().uri("/")
.exchange().expectStatus().isUnauthorized();
}
@Test
void givenAuthenticatedMissingRole_whenCallServiceWithSecured_thenForbidden() {
this.client.mutateWith(mockOpaqueToken()).get().uri("/")
.exchange().expectStatus().isForbidden();
}
@Test
void givenAuthenticated_whenCallServiceWithSecured_thenOk() {
KeycloakRole role = new KeycloakRole("INVOICE_USER");
this.client.mutateWith(mockOpaqueToken().authorities(role))
.get().uri("/")
.exchange().expectStatus().isOk();
}
}
Write Preview
Loading…
Cancel
Save